netmgrd: fix denials observed during call bringup
Fix the following denials observed when trying to bring up a
data call.
Allow netmgrd to launch programs on shell
[ 207.983674] type=1400 audit(1413464258.877:2646): avc: denied
{ execute } for pid=3153 comm="netmgrd" name="sh" dev="mmcblk0p14"
ino=492 scontext=u:r:netmgrd:s0 tcontext=u:object_r:shell_exec:s0
tclass=file permissive=0
[ 30.392603] type=1400 audit(1878.399:627): avc: denied { read open }
for pid=1814 comm="netmgrd" path="/system/bin/sh" dev="mmcblk0p14"
ino=490 scontext=u:r:netmgrd:s0 tcontext=u:object_r:shell_exec:s0
tclass=file permissive=0
Allow netmgrd to configure the DNS and GW related android properties
[ 64.911773] Boot completed avc: denied { set } for
property=net.rmnet_data0.dns1 scontext=u:r:netmgrd:s0
tcontext=u:object_r:net_radio_prop:s0 tclass=property_service
[ 228.126745] avc: denied { set } for
property=net.rmnet_data0.dns2 scontext=u:r:netmgrd:s0
tcontext=u:object_r:net_radio_prop:s0 tclass=property_service
[ 228.133928] avc: denied { set } for
property=net.rmnet_data0.gw scontext=u:r:netmgrd:s0
tcontext=u:object_r:net_radio_prop:s0 tclass=property_service
Allow netmgrd to determine target using esoc APIs
[ 30.354990] type=1400 audit(1878.369:625): avc: denied { search }
for pid=755 comm="netmgrd" name="esoc" dev="sysfs" ino=7642
scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_esoc:s0 tclass=dir
permissive=0
Allow netmgrd to set capabilities
[ 30.401939] type=1400 audit(1878.409:669): avc: denied { setpcap }
for pid=755 comm="netmgrd" capability=8 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=capability permissive=0
CRs-Fixed: 740553
Change-Id: I33655ee5602472e0232b9b2b8e7f3248266b9bbd
1 file changed
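
An added example, not part of this commit or of the project's policy: a minimal Python parser, in the spirit of audit2allow, that groups the denials quoted in the commit message into the raw candidate `allow` rules a reviewer would compare against the actual policy change. The function names are hypothetical, and the sample lines are the message's own denials re-joined onto one line each.

```python
import re
from collections import defaultdict

# Denials copied from the commit message above, each re-joined onto one line.
SAMPLE = [
    'type=1400 audit(1413464258.877:2646): avc: denied { execute } for pid=3153 comm="netmgrd" name="sh" dev="mmcblk0p14" ino=492 scontext=u:r:netmgrd:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0',
    'type=1400 audit(1878.399:627): avc: denied { read open } for pid=1814 comm="netmgrd" path="/system/bin/sh" dev="mmcblk0p14" ino=490 scontext=u:r:netmgrd:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0',
    'avc: denied { set } for property=net.rmnet_data0.dns1 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_radio_prop:s0 tclass=property_service',
    'type=1400 audit(1878.369:625): avc: denied { search } for pid=755 comm="netmgrd" name="esoc" dev="sysfs" ino=7642 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_esoc:s0 tclass=dir permissive=0',
    'type=1400 audit(1878.409:669): avc: denied { setpcap } for pid=755 comm="netmgrd" capability=8 scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability permissive=0',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_denial(line):
    """Return (source type, target type, class, perms) or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    try:
        # Contexts look like user:role:type:level; the type is field 3.
        src = fields['scontext'].split(':')[2]
        tgt = fields['tcontext'].split(':')[2]
        tclass = fields['tclass']
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return src, tgt, tclass, set(m.group('perms').split())


def candidate_rules(lines):
    """Merge denials sharing (source, target, class) into one raw allow rule."""
    grouped = defaultdict(set)
    for line in lines:
        parsed = parse_denial(line)
        if parsed:
            src, tgt, tclass, perms = parsed
            grouped[(src, tgt, tclass)] |= perms
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        target = 'self' if tgt == src else tgt
        plist = ' '.join(sorted(perms))
        body = plist if len(perms) == 1 else '{ ' + plist + ' }'
        rules.append(f'allow {src} {target}:{tclass} {body};')
    return rules


if __name__ == '__main__':
    print('\n'.join(candidate_rules(SAMPLE)))
```

The output is the raw rule form only; the policy file touched by the commit is not shown on this page and may express the same grants through macros.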